Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: WIU notifies OCR of data breach

Wisconsin Institute of Urology ('WIU') notified, on 5 August 2021, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 4,819 individuals. In particular, the WIU stated that on 26 May 2021 they had discovered suspicious activity relating to an employee's email account, after which they launched an investigation into the scope and nature of the incident, and on 1 June 2021 confirmed that there was a breach. Furthermore, the WIU stated that the impacted email address contained email and attachments containing protected health information including name, date of birth, medical treatment and medical diagnosis information, social security number, and health insurance information.

Moreover, the WIU confirmed that, after an audit of their security network, there was no access to other email accounts and any aspects of their computer systems. Lastly, the WIU highlighted that they are evaluating their data security policies and procedures relating to email usage and notifying regulatory authorities where necessary.

You can read the WIU notice here and access the OCR breach report here.